django -- denial-of-service attack

Description:

Django project reports:

Django's forms library includes field types which perform regular-expression-based validation of email addresses and URLs. Certain addresses/URLs could trigger a pathological performance case in these regular expression, resulting in the server process/thread becoming unresponsive, and consuming excessive CPU over an extended period of time. If deliberately triggered, this could result in an effectively denial-of-service attack.

References:

CVE name CVE-2009-3695
URL: <http://www.djangoproject.com/weblog/2009/oct/09/security/>

Affects:

py23-django <1.1.1
py24-django <1.1.1
py25-django <1.1.1
py26-django <1.1.1
py30-django <1.1.1
py31-django <1.1.1
py23-django-devel <11603,1
py24-django-devel <11603,1
py25-django-devel <11603,1
py26-django-devel <11603,1
py30-django-devel <11603,1
py31-django-devel <11603,1

portaudit: django -- denial-of-service attack

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Team. Refer to "FreeBSD Security Information" for more information.

Oliver Eikemeier <eik@FreeBSD.org>